CVE-2008-3109 — JDK vulnerability

CWE-2645 documents5 sources

Severity

7.5HIGHNVD

EPSS

6.6%

top 8.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE

Timeline

PublishedJul 9

Latest updateMay 1

Description

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDsun/jdk6+1

▶NVDsun/jre6+1

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-g75f-42vw-m3xv: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dep↗2022-05-01

▶

CVEList

CVE-2008-3109: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dep↗2008-07-09

▶

📋Vendor Advisories

Red Hat

Security Vulnerabilities in the Java Runtime Environment Scripting Language Support (6529568, 6529579)↗2008-07-08

▶

💬Community

Bugzilla

CVE-2008-3109 CVE-2008-3110 Security Vulnerabilities in the Java Runtime Environment Scripting Language Support (6529568, 6529579)↗2008-07-09

▶